chore(deps): bump aead.dev/minisign from 0.2.0 to 0.3.0

Bumps [aead.dev/minisign](https://github.com/aead/minisign) from 0.2.0 to 0.3.0.
- [Release notes](https://github.com/aead/minisign/releases)
- [Commits](aead/minisign@v0.2.0...v0.3.0)

---
updated-dependencies:
- dependency-name: aead.dev/minisign
  dependency-version: 0.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Author: dependabot[bot]

go.mod

@@ -3,7 +3,7 @@ module github.com/lacework/go-sdk/v2
 go 1.24.0
 
 require (
-	aead.dev/minisign v0.2.0
+	aead.dev/minisign v0.3.0
 	cloud.google.com/go/compute v1.29.0
 	cloud.google.com/go/compute/metadata v0.6.0
 	cloud.google.com/go/oslogin v1.14.2

go.sum

@@ -1,5 +1,5 @@
-aead.dev/minisign v0.2.0 h1:kAWrq/hBRu4AARY6AlciO83xhNnW9UaC8YipS2uhLPk=
-aead.dev/minisign v0.2.0/go.mod h1:zdq6LdSd9TbuSxchxwhpA9zEb9YXcVGoE8JakuiGaIQ=
+aead.dev/minisign v0.3.0 h1:8Xafzy5PEVZqYDNP60yJHARlW1eOQtsKNp/Ph2c0vRA=
+aead.dev/minisign v0.3.0/go.mod h1:NLvG3Uoq3skkRMDuc3YHpWUTMTrSExqm+Ij73W13F6Y=
 cloud.google.com/go v0.116.0 h1:B3fRrSDkLRt5qSHWe40ERJvhvnQwdZiHu0bJOpldweE=
 cloud.google.com/go v0.116.0/go.mod h1:cEPSRWPzZEswwdr9BxE6ChEn01dWlTaF05LiC2Xs70U=
 cloud.google.com/go/auth v0.13.0 h1:8Fu8TZy167JkW8Tj3q7dIkr2v4cndv41ouecJx0PAHs=
@@ -379,7 +379,6 @@ go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg=
 golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190530122614-20be4c3c3ed5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
@@ -428,7 +427,6 @@ golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210228012217-479acdf4ea46/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210324051608-47abb6519492/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -445,7 +443,6 @@ golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.32.0 h1:s77OFDvIQeibCmezSnk/q6iAfkdiQaJi4VzroCFrN20=
 golang.org/x/sys v0.32.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
-golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210503060354-a79de5458b56/go.mod h1:tfny5GFUkzUvx4ps4ajbZsCe5lw1metzhBm9T3x7oIY=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=

vendor/aead.dev/minisign/.golangci.yml

@@ -1,32 +1,34 @@
 linters-settings:
-  golint:
-    min-confidence: 0
-
   misspell:
     locale: US
 
+  staticcheck:
+    checks: ["all", "-SA1019"]
+
 linters:
   disable-all: true
   enable:
-    - typecheck
+    - durationcheck
+    - gocritic
+    - gofmt
     - goimports
-    - misspell
+    - gomodguard
     - govet
-    - golint
     - ineffassign
-    - gosimple
-    - deadcode
-    - unparam
-    - unused
-    - structcheck
-    - prealloc
-    - maligned
+    - misspell
+    - revive
+    - staticcheck
+    - tenv
+    - typecheck
     - unconvert
+    - unused
 
 issues:
   exclude-use-default: false
   exclude:
-      - should have a package comment
-      - error strings should not be capitalized or end with punctuation or a newline
+      - "package-comments: should have a package comment"
+      - "exitAfterDefer:"
+      - "captLocal:"
+
 service:
-  golangci-lint-version: 1.35.0 # use the fixed version to not introduce new linters unexpectedly
+  golangci-lint-version: 1.57.2 # use the fixed version to not introduce new linters unexpectedly

vendor/aead.dev/minisign/Makefile

@@ -0,0 +1,53 @@
+ifneq ($(shell go env GOBIN),)
+	GOBIN := $(shell go env GOBIN)
+else
+	GOBIN := $(shell $(go env GOPATH)/bin)
+endif
+
+.PHONY: build check release test lint update-tools
+
+build:
+	@mkdir -m 0755 -p ${GOBIN}
+	@CGO_ENABLED=0 go build -trimpath -ldflags "-s -w" -o ${GOBIN}/minisign ./cmd/minisign
+
+check:
+	@gofmt -d . && echo No formatting issue found.
+	@govulncheck ./...
+		
+release:
+ifneq ($(shell git status -s) , )
+	@(echo "Repository contains modified files." && exit 1)
+else
+	@echo -n Building minisign ${VERSION} for linux/amd64...
+	@GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -trimpath -ldflags "-s -w" -o ./minisign ./cmd/minisign
+	@tar -czf minisign-linux-amd64.tar.gz ./minisign ./LICENSE ./README.md
+	@echo " DONE."
+
+	@echo -n Building minisign ${VERSION} for linux/arm64...
+	@GOOS=linux GOARCH=arm64 CGO_ENABLED=0 go build -trimpath -ldflags "-s -w" -o ./minisign ./cmd/minisign
+	@tar -czf minisign-linux-arm64.tar.gz ./minisign ./LICENSE ./README.md
+	@echo " DONE."
+
+	@echo -n Building minisign ${VERSION} for darwin/arm64...
+	@GOOS=darwin GOARCH=arm64 CGO_ENABLED=0 go build -trimpath -ldflags "-s -w" -o ./minisign ./cmd/minisign
+	@tar -czf minisign-darwin-arm64.tar.gz ./minisign ./LICENSE ./README.md
+	@echo " DONE."
+
+	@echo -n Building minisign ${VERSION} for windows/amd64...
+	@GOOS=windows GOARCH=amd64 CGO_ENABLED=0 go build -trimpath -ldflags "-s -w" -o ./minisign ./cmd/minisign
+	@zip -q minisign-windows-amd64.zip ./minisign ./LICENSE ./README.md
+	@echo " DONE."
+
+	@rm ./minisign
+endif
+
+test:
+	@CGO_ENABLED=0 go test -ldflags "-s -w" ./...
+
+lint:
+	@go vet ./...
+	@golangci-lint run --config ./.golangci.yml
+
+update-tools:
+	@CGO_ENABLED=0 go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
+	@CGO_ENABLED=0 go install golang.org/x/vuln/cmd/govulncheck@latest

vendor/aead.dev/minisign/README.md

@@ -3,6 +3,7 @@
 [![latest](https://badgen.net/github/tag/aead/minisign)](https://github.com/aead/minisign/releases/latest)
 
 # minisign
+
 minisign is a dead simple tool to sign files and verify signatures.
 
 ```
@@ -37,13 +38,16 @@ This is a Go implementation of the [original C implementation](https://github.co
 
 ```
 Usage:
-    minisign -G [-p <pubKey>] [-s <secKey>]
+    minisign -G [-p <pubKey>] [-s <secKey>] [-W]
+    minisign -R [-s <secKey>] [-p <pubKey>]
+    minisign -C [-s <secKey>] [-W]
     minisign -S [-x <signature>] [-s <secKey>] [-c <comment>] [-t <comment>] -m <file>...
     minisign -V [-H] [-x <signature>] [-p <pubKey> | -P <pubKey>] [-o] [-q | -Q ] -m <file>
-    minisign -R [-s <secKey>] [-p <pubKey>]
- 
+
 Options:
-    -G               Generate a new public/secret key pair.       
+    -G               Generate a new public/secret key pair.
+    -R               Re-create a public key file from a secret key.
+    -C               Change or remove the password of the secret key.
     -S               Sign files with a secret key.
     -V               Verify files with a public key.
     -m <file>        The file to sign or verify.
@@ -52,33 +56,41 @@ Options:
     -p <pubKey>      Public key file (default: ./minisign.pub)
     -P <pubKey>      Public key as base64 string
     -s <secKey>      Secret key file (default: $HOME/.minisign/minisign.key)
+    -W               Do not encrypt/decrypt the secret key with a password.
     -x <signature>   Signature file (default: <file>.minisig)
     -c <comment>     Add a one-line untrusted comment.
     -t <comment>     Add a one-line trusted comment.
     -q               Quiet mode. Suppress output.
     -Q               Pretty quiet mode. Combined with -V, only print the trusted comment.
-    -R               Re-create a public key file from a secret key.
     -f               Combined with -G or -R, overwrite any existing public/secret key pair.
     -v               Print version information.
 ```
 
 ## Installation
 
-On windows, linux and macOS, you can use the pre-built binaries:
-| OS        | ARCH    | Latest Release                                                                                                         |
-|:---------:|:-------:|:-----------------------------------------------------------------------------------------------------------------------|
-| Linux     | amd64   | [minisign-linux-amd64.tar.gz](https://github.com/aead/minisign/releases/download/v0.1.2/minisign-linux-amd64.tar.gz)   |
-| Linux     | arm64   | [minisign-linux-arm64.tar.gz](https://github.com/aead/minisign/releases/download/v0.1.2/minisign-linux-arm64.tar.gz)   |
-| MacOS     | arm64   | [minisign-darwin-arm64.tar.gz](https://github.com/aead/minisign/releases/download/v0.1.2/minisign-darwin-arm64.tar.gz) |
-| MacOS     | amd64   | [minisign-darwin-amd64.tar.gz](https://github.com/aead/minisign/releases/download/v0.1.2/minisign-darwin-amd64.tar.gz) |
-| Windows   | amd64   | [minisign-windows-amd64.zip](https://github.com/aead/minisign/releases/download/v0.1.2/minisign-windows-amd64.zip)     |
-
-If your system has [Go1.16+](https://golang.org/dl/), you can build from source:
+With an up-to-date Go toolchain:
 ```
-git clone https://aead.dev/minisign && cd minisign
-go build -o . aead.dev/minisign/cmd/minisign
+go install aead.dev/minisign/cmd/minisign@latest
 ```
 
+On windows, linux and macOS, you can also use the pre-built binaries:
+| OS        | ARCH    | Latest Release                                                                                                         |
+|:---------:|:-------:|:-----------------------------------------------------------------------------------------------------------------------|
+| Linux     | amd64   | [minisign-linux-amd64.tar.gz](https://github.com/aead/minisign/releases/download/v0.3.0/minisign-linux-amd64.tar.gz)   |
+| Linux     | arm64   | [minisign-linux-arm64.tar.gz](https://github.com/aead/minisign/releases/download/v0.3.0/minisign-linux-arm64.tar.gz)   |
+| MacOS     | arm64   | [minisign-darwin-arm64.tar.gz](https://github.com/aead/minisign/releases/download/v0.3.0/minisign-darwin-arm64.tar.gz) |
+| Windows   | amd64   | [minisign-windows-amd64.zip](https://github.com/aead/minisign/releases/download/v0.3.0/minisign-windows-amd64.zip)     |
+
+From source:
+1. Clone the repository
+   ```
+   git clone https://aead.dev/minisign && cd minisign
+   ```
+2. Build the binary
+   ```
+   make build
+   ```
+
 ## Library
 
 ```Go
@@ -100,14 +112,14 @@ import (
 func main() {
 	var message = []byte("Hello World!")
 
-	public, private, err := minisign.GenerateKey(rand.Reader)
+	publicKey, privateKey, err := minisign.GenerateKey(rand.Reader)
 	if err != nil {
 		log.Fatalln(err)
 	}
 
-	signature := minisign.Sign(private, message)
+	signature := minisign.Sign(privateKey, message)
 
-	if !minisign.Verify(public, message, signature) {
+	if !minisign.Verify(publicKey, message, signature) {
 		log.Fatalln("signature verification failed")
 	}
 	log.Println(string(message))

vendor/aead.dev/minisign/minisign.go

@@ -162,7 +162,7 @@ func Verify(publicKey PublicKey, message, signature []byte) bool {
 }
 
 func sign(privateKey PrivateKey, message []byte, trustedComment, untrustedComment string, isHashed bool) []byte {
-	var algorithm = EdDSA
+	algorithm := EdDSA
 	if isHashed {
 		algorithm = HashEdDSA
 	}

vendor/aead.dev/minisign/minisign.pub

@@ -0,0 +1,2 @@
+untrusted comment: minisign public key D7E531EE76B2FC6F
+RWRv/LJ27jHl10fMd7ozqYIs8zOaPqWf6EjnWSqkOpOQiD1UJpOgCFm0